
[Resolved] Eek! Backdoor trojan - Hijackthis log included


  • This topic is locked
10 replies to this topic

#1 sukaina

    New Member

  • 5 posts

Posted 04 June 2008 - 11:12 AM

Hi, I really need your help. My Symantec virus scan said I had a backdoor trojan virus (aspimgr). I found a similar topic posted here online (http://forums.whatth...ack_t86321.html) and followed only these instructions from that topic:

"Go to Start> Run and type in services.msc then press Enter
Scroll down to Microsoft ASPI Manager
Double Click that service to open it.
Click on Stop Service.
Then change the Startup Type to Disabled.
OK your way out of the program.


Open HJT > Misc Tools > Delete an NT Service
Type in aspimgr
Then click on OK, it will ask you to reboot, do so."


Then I scanned my comp using HJT. Here is my log file now. Looks like file 23, 21 and 2 says "file missing". Please tell me what to do next. So lost:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:54 PM, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by sukaina, 04 June 2008 - 11:15 AM.
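The triage step raised in the post above (spotting the entries HijackThis marks "(file missing)"), written out as an added example; it is not part of the original thread or of HijackThis. The function names are this example's own, and the two log excerpts are copied from the logs posted in this thread. Because the later log is cut off after the O4 section on this page, the before/after comparison is limited to O2.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log in this thread (copied, not constructed).
LOG_BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe (file missing)
"""

# Excerpt of the log posted after the SDFix run (same thread, O2/O4 lines only).
LOG_AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(log_text):
    """Entries whose target file HijackThis could not find on disk."""
    orphans = []
    for code, body in parse_entries(log_text):
        if not body.endswith(MISSING):
            continue
        # Fields are separated by " - "; the last one is the file reference.
        fields = body[: -len(MISSING)].rstrip().split(" - ")
        orphans.append({"code": code, "label": fields[0], "target": fields[-1]})
    return orphans


def shared_targets(orphans):
    """File names referenced by more than one orphaned load point."""
    by_file = defaultdict(list)
    for o in orphans:
        name = o["target"].rsplit("\\", 1)[-1].lower()
        by_file[name].append(o["code"])
    return {name: codes for name, codes in by_file.items() if len(codes) > 1}


def removed_between(before, after, codes):
    """Entries in the given sections that appear in `before` but not in `after`."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e[0] in codes and e not in remaining]


if __name__ == "__main__":
    found = orphaned_entries(LOG_BEFORE)
    for o in found:
        print(f"{o['code']:>3}  {o['label']}  ->  {o['target']}")
    print("shared:", shared_targets(found))
    print("gone after cleanup:", removed_between(LOG_BEFORE, LOG_AFTER, {"O2"}))
```
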


#2 bob4

    MalwareTeam Emeritus

  • Authentic Member
  • 2,205 posts

Posted 05 June 2008 - 06:11 PM

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • Save and quit any work you're doing before beginning the fix.
  • All hijackthis logs I ask for should be done in normal mode (not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


IMPORTANT!
Please DO NOT ever follow a fix from someone else's machine. Things might have been done that are specific to that machine and may ruin yours. Just friendly advice.




______________________________________________
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log







_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from S&D FIX

Edited by bob4, 05 June 2008 - 06:16 PM.


#3 sukaina

    New Member

  • 5 posts

Posted 05 June 2008 - 08:03 PM

Hi! Thank you! I can't thank you enough for helping me! Believe me when I say that I won't be following advice for other computers any more.

Here are the files you asked for:

Report.txt


SDFix: Version 1.188
Run by Sukaina Jaffer on 05/06/2008 at 09:41 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\SUKAIN~1\Desktop\SDFix

Checking Services :

Name :
msscenter

Path :
C:\WINDOWS\system32\msscntr32.exe

msscenter - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\index.html - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\ws386.ini - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:51:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EDE7A6-B871-9C4C-D76F-F7122A8396F0}]
"iacjmlekfoempgcbcd"=hex:64,61,6a,64,6b,63,6b,6c,00,70
"iaoieohlgflcdjgida"=hex:6b,61,64,64,62,62,62,6d,63,6b,69,6b,70,6f,6d,62,68,6b,66,70,67,..
"hamhkphpgkncckaf"=hex:6b,61,64,64,62,62,62,6d,63,6b,69,6b,70,6f,6d,62,68,6b,66,70,67,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\SUKAIN~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 10 Feb 2008 0 ..SH. --- "C:\WINDOWS\SCAE9A987.tmp"
Wed 24 May 2006 56 ..SHR --- "C:\WINDOWS\system32\E1747373E9.sys"
Wed 24 May 2006 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 17 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 2 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT40.tmp"
Tue 20 Mar 2007 4,041,216 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 30 May 2008 25,088 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 21 Mar 2007 4,070,400 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0045.tmp"
Wed 21 Mar 2007 4,065,792 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0096.tmp"
Wed 21 Mar 2007 13,392,384 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0128.tmp"
Wed 21 Mar 2007 4,071,424 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0134.tmp"
Wed 21 Mar 2007 4,066,304 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0136.tmp"
Wed 21 Mar 2007 4,073,472 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0156.tmp"
Tue 20 Mar 2007 4,060,160 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0248.tmp"
Tue 20 Mar 2007 4,047,872 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0276.tmp"
Tue 20 Mar 2007 4,060,160 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0285.tmp"
Wed 21 Mar 2007 4,073,984 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0290.tmp"
Wed 21 Mar 2007 4,070,400 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0383.tmp"
Tue 20 Mar 2007 4,061,184 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0387.tmp"
Tue 20 Mar 2007 4,061,184 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0400.tmp"
Wed 21 Mar 2007 13,392,384 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0404.tmp"
Wed 21 Mar 2007 4,067,328 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0494.tmp"
Tue 20 Mar 2007 4,045,312 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0506.tmp"
Fri 30 May 2008 27,136 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0522.tmp"
Wed 21 Mar 2007 16,177,664 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0547.tmp"
Fri 30 May 2008 25,088 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0548.tmp"
Wed 21 Mar 2007 13,393,408 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0565.tmp"
Wed 21 Mar 2007 4,069,888 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0587.tmp"
Wed 21 Mar 2007 4,076,544 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0619.tmp"
Wed 21 Mar 2007 4,075,008 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0648.tmp"
Wed 21 Mar 2007 9,238,016 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0659.tmp"
Mon 10 Jul 2006 55,808 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0672.tmp"
Fri 30 May 2008 26,112 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0737.tmp"
Fri 30 May 2008 25,600 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0750.tmp"
Wed 21 Mar 2007 4,072,960 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0857.tmp"
Fri 30 May 2008 26,624 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0874.tmp"
Wed 21 Mar 2007 21,044,736 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0875.tmp"
Tue 20 Mar 2007 4,046,336 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0881.tmp"
Fri 30 May 2008 26,112 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0882.tmp"
Wed 21 Mar 2007 21,043,200 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL0886.tmp"
Tue 20 Mar 2007 4,041,216 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1007.tmp"
Wed 21 Mar 2007 4,073,984 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1025.tmp"
Wed 21 Mar 2007 13,391,360 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1028.tmp"
Tue 20 Mar 2007 4,063,744 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1035.tmp"
Fri 30 May 2008 27,136 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1064.tmp"
Wed 21 Mar 2007 4,063,744 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1120.tmp"
Fri 30 May 2008 26,624 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1127.tmp"
Tue 20 Mar 2007 4,061,184 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1134.tmp"
Tue 20 Mar 2007 4,047,360 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1183.tmp"
Tue 20 Mar 2007 4,060,672 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1214.tmp"
Wed 21 Mar 2007 21,048,320 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1265.tmp"
Wed 21 Mar 2007 4,073,984 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1303.tmp"
Wed 21 Mar 2007 13,392,896 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1373.tmp"
Tue 20 Mar 2007 4,044,800 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1408.tmp"
Tue 20 Mar 2007 4,040,192 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1449.tmp"
Wed 21 Mar 2007 4,070,400 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1521.tmp"
Tue 20 Mar 2007 4,059,136 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1523.tmp"
Tue 20 Mar 2007 26,112 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1547.tmp"
Wed 21 Mar 2007 4,067,328 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1597.tmp"
Wed 21 Mar 2007 4,067,840 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1654.tmp"
Wed 21 Mar 2007 4,071,936 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1708.tmp"
Tue 20 Mar 2007 4,047,360 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1758.tmp"
Wed 21 Mar 2007 16,176,128 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1760.tmp"
Wed 21 Mar 2007 21,045,248 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1775.tmp"
Tue 20 Mar 2007 4,040,192 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1777.tmp"
Tue 20 Mar 2007 4,061,696 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1800.tmp"
Tue 20 Mar 2007 4,041,216 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL1924.tmp"
Tue 20 Mar 2007 4,059,136 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2049.tmp"
Wed 21 Mar 2007 12,043,264 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2119.tmp"
Tue 20 Mar 2007 4,060,160 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2130.tmp"
Wed 21 Mar 2007 4,075,520 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2132.tmp"
Tue 20 Mar 2007 4,041,216 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2174.tmp"
Tue 20 Mar 2007 4,045,312 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2188.tmp"
Wed 21 Mar 2007 21,041,664 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2214.tmp"
Wed 21 Mar 2007 4,070,400 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2225.tmp"
Tue 20 Mar 2007 55,296 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2295.tmp"
Fri 30 May 2008 26,112 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2399.tmp"
Tue 20 Mar 2007 4,060,672 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2403.tmp"
Wed 21 Mar 2007 4,062,208 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2497.tmp"
Tue 20 Mar 2007 4,041,728 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2500.tmp"
Tue 20 Mar 2007 4,042,752 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2582.tmp"
Wed 21 Mar 2007 4,069,888 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2600.tmp"
Wed 21 Mar 2007 4,067,328 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2606.tmp"
Tue 20 Mar 2007 4,042,752 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2668.tmp"
Wed 21 Mar 2007 21,046,784 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2825.tmp"
Tue 20 Mar 2007 4,040,704 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2933.tmp"
Tue 20 Mar 2007 4,060,160 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL2973.tmp"
Fri 30 May 2008 27,648 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3059.tmp"
Tue 20 Mar 2007 4,059,648 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3143.tmp"
Wed 21 Mar 2007 4,068,864 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3159.tmp"
Wed 21 Mar 2007 4,072,960 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3205.tmp"
Tue 20 Mar 2007 4,062,720 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3212.tmp"
Wed 21 Mar 2007 16,178,176 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3223.tmp"
Wed 21 Mar 2007 4,069,888 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3228.tmp"
Wed 21 Mar 2007 4,076,032 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3560.tmp"
Tue 20 Mar 2007 4,041,728 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3599.tmp"
Fri 30 May 2008 25,600 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3654.tmp"
Wed 21 Mar 2007 4,063,744 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3731.tmp"
Fri 30 May 2008 24,576 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3783.tmp"
Wed 21 Mar 2007 21,047,296 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3816.tmp"
Tue 20 Mar 2007 4,060,160 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3872.tmp"
Wed 21 Mar 2007 4,069,376 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3876.tmp"
Wed 21 Mar 2007 13,394,432 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3890.tmp"
Wed 21 Mar 2007 21,042,688 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3891.tmp"
Tue 20 Mar 2007 4,044,288 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL3997.tmp"
Wed 21 Mar 2007 4,075,520 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL4000.tmp"
Wed 21 Mar 2007 4,069,888 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL4043.tmp"
Wed 21 Mar 2007 21,050,368 ...H. --- "C:\Documents and Settings\Sukaina Jaffer\Application Data\Microsoft\Word\~WRL4044.tmp"
Tue 20 Mar 2007 4,058,624 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL0345.tmp"
Tue 20 Mar 2007 4,061,696 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL0395.tmp"
Wed 21 Mar 2007 4,070,400 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL1300.tmp"
Tue 20 Mar 2007 4,043,264 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL1373.tmp"
Tue 20 Mar 2007 4,040,704 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL1837.tmp"
Wed 21 Mar 2007 9,239,552 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL1869.tmp"
Wed 21 Mar 2007 4,072,960 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL2184.tmp"
Wed 21 Mar 2007 4,072,960 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL2312.tmp"
Wed 21 Mar 2007 4,071,936 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL2831.tmp"
Wed 21 Mar 2007 13,394,944 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL3097.tmp"
Wed 21 Mar 2007 4,073,472 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL3565.tmp"
Tue 20 Mar 2007 4,047,872 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL3768.tmp"
Wed 21 Mar 2007 4,065,792 A..H. --- "C:\Documents and Settings\Sukaina Jaffer\My Documents\University\Physics\~WRL3907.tmp"
Thu 8 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 8 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Thu 8 Sep 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"

Finished!

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:52 PM, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#4 bob4

bob4

    MalwareTeam Emeritus


Posted 06 June 2008 - 05:28 AM

You're going to be downloading ERUNT Installer, a registry backup tool.

Use the setup program to install ERUNT on your computer.
Following the prompts, install it with the default settings.

It will walk you through the install then make a back up copy of your registry.



+++++++++++++++++++++++++++++++++++++++++++++
Open notepad up and copy everything exactly in the box below into it.
Do not copy the word Code.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25EDE7A6-B871-9C4C-D76F-F7122A8396F0}]
"iacjmlekfoempgcbcd"=-
"iaoieohlgflcdjgida"=-
"hamhkphpgkncckaf"=-

Make certain there are no spaces before REGEDIT4

and 1 blank line at the end.


Now click on save and save it to your DESKTOP

as "File Name" move.reg

Save as File type "all files" NOT TXT DOCUMENT

Now double click on the file.
When asked to merge with the registry answer yes.

Now delete that file.





_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath in there.
If there is more than one file to scan, insert them 1 at a time. Then copy each result for me.


C:\WINDOWS\SCAE9A987.tmp

C:\WINDOWS\system32\E1747373E9.sys



Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

____________________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner




_________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

    If you accidentally close it you may find it here.
    Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The reports from Jottis/Virus total
  • The report from Malwarebytes

Edited by bob4, 06 June 2008 - 05:30 AM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#5 sukaina

sukaina

    New Member


Posted 08 June 2008 - 04:39 PM

For: C:\WINDOWS\system32\E1747373E9.sys

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.08 -
Avast 4.8.1195.0 2008.06.08 -
AVG 7.5.0.516 2008.06.07 -
BitDefender 7.2 2008.06.08 -
CAT-QuickHeal 9.50 2008.06.07 -
ClamAV 0.92.1 2008.06.08 -
DrWeb 4.44.0.09170 2008.06.08 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5858 2008.06.08 -
Ewido 4.0 2008.06.08 -
F-Prot 4.4.4.56 2008.06.08 -
F-Secure 6.70.13260.0 2008.06.08 -
Fortinet 3.14.0.0 2008.06.08 -
GData 2.0.7306.1023 2008.06.08 -
Ikarus T3.1.1.26.0 2008.06.08 -
Kaspersky 7.0.0.125 2008.06.08 -
McAfee 5312 2008.06.06 -
Microsoft 1.3604 2008.06.08 -
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.08 -
Prevx1 V2 2008.06.08 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.08 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.08 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.08 -
VirusBuster 4.3.26:9 2008.06.08 -
Webwasher-Gateway 6.6.2 2008.06.08 -
Additional information
File size: 56 bytes
MD5...: 1fd1df66b44d52622d02324e718e3c48
SHA1..: a2f01c3368d2b4d5b3d0349e6fd6aead00271404
SHA256: 1333b30bfd8a07f473c81670c53a69183ee5bf024fd48dcd1844fc675335046e
SHA512: 25ec9a4c9d3163e1200a9dabf76e7c72d875c18028b22b68b1770f5102fa4293
129851e9e7b050a2f5bf09e4bb25ba0623747459776961ffde8e5559f0dc747d
PEiD..: -
PEInfo: -

For: C:\WINDOWS\SCAE9A987.tmp
Result: 0 bytes size received

This one, I tried to scan a bunch of times, it just doesn't do it. I scanned via VirusTotal, not Jotti. Supposedly, Jotti had way too many people on so I wasn't able to use it at all. Do you want me to try again at Jotti, another time?

Malware notepad scan result thing:

Malwarebytes' Anti-Malware 1.15
Database version: 841

6:40:20 PM 08/06/2008
mbam-log-6-8-2008 (18-40-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 105698
Time elapsed: 46 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 sukaina

sukaina

    New Member


Posted 08 June 2008 - 04:41 PM

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:42:08 PM, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#7 bob4

bob4

    MalwareTeam Emeritus


Posted 08 June 2008 - 05:33 PM

You need to update SunJava for security reasons.
Updating Java:
Download the latest version of
Java Runtime Environment (JRE) 6 Update 6

  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6
    ... allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Posted Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe
    to install the newest version.



_____________________________________

If you just have Adobe Reader 7.0 please update it also.


Adobe Acrobat Reader update

You are using an older vulnerable version of Adobe Acrobat Reader 7.0.
Please go here to download Adobe Acrobat Reader 8...



When you have finished installing the Acrobat Reader, please go to Add/Remove Programs and verify that there are no versions listed other than Acrobat Reader 8. If you find older versions, remove them.

When finished, reboot your computer.


________________________________________



You may want to consider uninstalling the myBabylon toolbar.

http://www.castlecop...tbmyB1_dll.html

If you decide to, these are the items to fix in HJT.

R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll





_________________________
In your next reply I would like to see:
  • A new HJT log
  • Let me know how things seem to be running


#8 bob4

bob4

    MalwareTeam Emeritus


Posted 11 June 2008 - 04:55 AM

Still needing help ?

#9 sukaina

sukaina

    New Member


Posted 11 June 2008 - 02:29 PM

Hi again! Sorry for the late reply, I've been so busy with reports and such. I really can't thank you enough for all your time and effort to help me. I really appreciate it. And my computer is running very well. My bro told me about 'Regcure' which has helped a lot too.

I have one last question, that I was wondering if you could help me with. I have previously installed a bunch of adware/malware removing programs and have no idea which to use. Do you have any advice on which to delete/keep? These are the ones I have, as far as I know:

1. Ad-aware SE personal
2. Panda Active Scan
3. Spybot Search and Destroy 1.4
4. Spyware blaster v.3.5.1
5. Malwarebytes Anti-Malware


Not sure what they do actually. And since there are so many... I don't usually use them.

Thanks for all your help :)


Logfile of HijackThis v1.99.1
Scan saved at 4:19:25 PM, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
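
The comparison a helper makes between two HijackThis logs, as an added example that is not part of the original thread: it parses two logs, reports the entries and processes that appeared or disappeared, and groups removed entries by CLSID. The sample logs are excerpts abridged from posts #6 and #9; the function names are this example's own.

```python
import re
from collections import defaultdict

# A HijackThis entry line is a section code (R0, O2, O4, O23 ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts abridged from the logs in posts #6 and #9 of this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:42:08 PM, on 08/06/2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe

R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:19:25 PM, on 11/06/2008

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_hjt(text):
    """Split one HijackThis log into scan time, running processes and entries."""
    saved, processes, entries = None, set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first entry line ends the process list
            entries.add((m.group(1) + m.group(2), m.group(3)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.lower())
        elif line.startswith("Scan saved at "):
            saved = line[len("Scan saved at "):]
    return {"saved": saved, "processes": processes, "entries": entries}


def _key(entry):
    """Sort by section letter, then numerically by section number, then text."""
    code, body = entry
    return (code[0], int(code[1:]), body.lower())


def diff_logs(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    b, a = parse_hjt(before_text), parse_hjt(after_text)
    return {
        "from": b["saved"],
        "to": a["saved"],
        "removed": sorted(b["entries"] - a["entries"], key=_key),
        "added": sorted(a["entries"] - b["entries"], key=_key),
        "ended": sorted(b["processes"] - a["processes"]),
        "started": sorted(a["processes"] - b["processes"]),
    }


def group_by_clsid(entries):
    """Map each CLSID to the section codes that reference it.

    One browser add-on usually registers in several places (search hook,
    BHO, toolbar), so its entries have to be handled as a set.
    """
    groups = defaultdict(list)
    for code, body in sorted(entries, key=_key):
        m = CLSID_RE.search(body)
        if m:
            groups[m.group(0).upper()].append(code)
    return dict(groups)


if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    print(f"Changes between {d['from']} and {d['to']}")
    for label in ("removed", "added"):
        for code, body in d[label]:
            print(f"  {label:8} {code:4} {body}")
    for label in ("ended", "started"):
        for path in d[label]:
            print(f"  {label:8} proc {path}")
    print("Removed entries sharing a CLSID:", group_by_clsid(d["removed"]))
```

A version bump in an install path (here `jre1.6.0_05` to `jre1.6.0_06`) shows up as one removed and one added entry, so review the pair together before treating the new line as unexpected.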

#10 bob4

bob4

    MalwareTeam Emeritus


Posted 11 June 2008 - 04:16 PM

OK. All the anti-malware programs you have installed work well. They all do different things. You should take a bit of time to read up on each of them. A quick Google for each will point you in the right direction. I have left my instructions for SpywareBlaster below as I recommend to many to use it.
I would keep spybot search and destroy..Malwarebytes Anti spyware ... and spyware blaster.



Regcure is another story. :smack:
Here's just one link I have found to prove my point.
http://www.complaint...cure-c4155.html

Now I'm not saying that regcure is going to kill your machine. It may be a good program.
But any automatic registry cleaner needs to be used with extreme caution. I avoid them.
And before doing so be certain you have a back up of the registry made before any changes are made.
1 mistake in the registry and you could end up with either 1 very large paper weight or you will be reformatting.
Yes there are stories out there also I'm sure of this program saving the day. But in my opinion it's a gamble at best.
Most people don't take the time to read what's about to be fixed to be sure there's nothing needed about to be cleaned.
That's just my 2 cents for ya. :popcorn:








___________________________________
Great news!

Your log now appears to be clean.

Lets do a few things to tidy up.
Please do these in the order I suggest!




___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
Right click My Computer
Then Properties then System Restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT

Now go right back to the same place and uncheck system restore
Click APPLY and OK




A few things to help with possible threats

These are optional . But will help protect you further.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust...tsitehound.html

This tool bar will help protect you from:

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you with spyware and adware if you visit them.
Sites to download software which may infect your computer with spyware, a virus or adware


___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here :
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.


Here's a site with great advice on how to AVOID malware. Much easier to do than removing it.





Safe and Happy Surfing. :)
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#11 bob4

    MalwareTeam Emeritus

Posted 15 June 2008 - 02:07 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.